Internet Infrastructure Security Guidelines for Africa 0 1043

  • The guidelines are expected to enable Africa to create a more secure Internet infrastructure and are set to change the way African Union States approach cyber security preparedness.
  • Intermittent connectivity poses a unique threat towards Africa’s digital ecosystem.
  • Many commercial and industrial systems in Africa have embedded software that is out-of-date and/ or unpatched, and are, therefore, especially vulnerable.
  • Physical attacks on the infrastructure also pose a threat. The attacks could be intentional and motivated by financial reasons, political activism, or even terrorism.
  • Organizations do not report security incidents. This makes it difficult to know the magnitude of the attacks in Africa and to find solutions.
Internet Infrastructure Security Guidelines for Africa

What are the Internet Security Guidelines for Africa?

On the 30th of May, 2017, The Internet Society and the African Union Commission today unveiled a new set of Internet Infrastructure Security Guidelines for Africa during the Africa Internet Summit, which took place in Nairobi from 30 May- 2 June.

The guidelines are expected to enable Africa to create a more secure Internet infrastructure and are set to change the way African Union States approach cyber security preparedness.

The Scope of the Internet Security Guidelines:

The Internet Security Guidelines seem to focus primarily on Internet Infrastructure Security rather than network security and conventional information assurance practices. It is essential to note that these areas are highly related and tend to overlap regularly.

Notably, the Guidelines make little mention of the physical security of any elements necessary to the development of apt internet infrastructure. This is due to the presence of developed standards offering best-practice guidance regarding the physical security of physical assets enabling access to the Internet.

The recommendations highlight a number of aspects of physical security for assets such as cables and other physical infrastructures, but the topic is not exhaustively covered therein.

The Guidelines also extensively discuss the need to build the infrastructural capacity of African countries, as the studies undertaken by the Internet Society in the drafting of the Guidelines, highlighted an immense gap in the African Digital Market.

The Guidelines thus focus on building at regional, national and institutional or organizational levels. They seek to develop human resources through education and training, cooperation at all levels, capacity building in information sharing, etc.

Notable Points from the Panel Discussion:

Intermittent Connectivity as a Unique issue

The Panelists interviewed during the development of the guidelines, highlighted that intermittent connectivity poses a unique threat towards Africa’s digital ecosystem.

At a fundamental level, the nature of cyber threats in Africa is largely similar to elsewhere in the world. However, intermittent connectivity is a serious problem, which distinguishes Africa from much of the rest of the world.

Intermittent connectivity is a result of a number of factors such as insufficient resources in terms of bandwidth, the cost of Internet connectivity, frequent power outages and blackouts, a lack of effective maintenance and scheduled patching, a lack of trained workers, natural factors (such as inclement weather), and human factors (fraud, sabotage, theft, fuel shortage, etc.). Intermittent connectivity limits the capability of stakeholders to collaborate to prepare for, or to respond to, an attack.

Unpatched/Outdated Software

Many commercial and industrial systems in Africa have embedded software that is out-of-date and/ or unpatched, and are, therefore, especially vulnerable.

For example, many financial systems and public sector networks are dependent on machines running software which is no longer supported by its developers, and for which security upgrades are no longer available.

The mobile industry also raises similar concerns. In some instances, mobile devices are being sold with out-of-date or unpatched software.

Alongside out-of-date or unsupported software, an inability or unwillingness to upgrade or patch servers and applications on a regular basis makes systems vulnerable to attack.

Physical damage to Critical Internet Infrastructure:

Physical attacks on the infrastructure also pose a threat. The attacks could be intentional and motivated by financial reasons, political activism, or even terrorism.

Physical damage to infrastructure could also be unintentional, due to factors such as a lack of proper and regular maintenance on the part of the operators, or negligence due to poor operational and management practices.

Fiber cuts were cited as an example of physical attacks. It may be difficult to totally avoid this problem, but solutions to identify and locate cuts would help mitigate the impact. Information sharing among operators is critical in this regard.

Need for Transparency and Information Sharing Mechanisms:

Another problem identified was the lack of transparency regarding cyberattacks. Some organizations do not report security incidents. This makes it difficult to know the magnitude of the attacks in Africa and to find solutions.

Therefore, a trusted ecosystem should be fostered so that everyone (including operators and end users) can learn from cyber incidents. Established practices on responsible disclosure and vulnerability disclosure coordination allow for the provision of information in ways that will not expose infrastructure to further risk, are also important

National Internet Infrastructure Safety Principles:

The Guidelines highlight that policy-makers should use four essential principles as a guide. These essential principles are awareness, responsibility, cooperation, and fundamental rights and Internet properties.

  1. Awareness: An understanding of security risks, along with how they can impact others in the Internet infrastructure ecosystem. A preparedness to recognize the risk and manage it, and evaluate the impact of actions on oneself and others in the African Internet infrastructure ecosystem.
  2. Responsibility: Taking responsibility for the management of security risks. Due to the fundamental nature of the Internet, one should conside1r the potential impacts of one’s actions, or inactions, on other stakeholders before taking action.
  3. Cooperation: Engage in an ongoing cyber security dialogue that includes actors across borders to effectively counter new and persisting threats. The security of critical Internet infrastructure cannot be achieved alone. There is a need for cooperation and collective responsibility among all stakeholders, not just the government and a selected number of stakeholders.
  4. Fundamental Rights and Internet Properties: Actions to manage security risks must adhere to fundamental rights, be transparent, and not infringe upon the fundamental properties of the Internet: voluntary collaboration, open standards, reusable technological building blocks, integrity, permission-free innovation, and global reach.

An effective approach to Internet infrastructure security must not only employ these principles, but empower all other stakeholders to use them. The approach should support conditions for collaborative security and an ongoing security dialogue, encourage transparency, and empower others to safeguard the fundamental properties of the Internet. The approach should improve access and contribute to a more open Internet ecosystem, free of censorship and respectful of privacy.

Regional Recommendations from the Guidelines:

As the Internet is designed as a collection of networks, responsibility for security is shared. As such, every participant should be conscious that their own security also depends on the security of neighbouring networks and that their security decisions impact others. There is a collective responsibility to implement best practices for Internet security. We recommend establishing a coordination structure at the continental level and engaging in new capacity building initiatives.

The Guidelines thus recommended the following policies which should be adopted regionally:

  1. The formation of an Africa-Wide Cyber Security Collaboration and Coordination Committee (ACS3C).
  2. States should facilitate Information Exchange through a National Multistakeholder Structure
  3. States should establish and strengthen National Level Computer Security Incident Response Teams (CSIRTs)
  4. Governments should promote the use of IXPs and increased cooperation and connectivity between different African networks. IXPs can limit the scope of cyberattacks.
  5. ISPs and network operators have a responsibility to coordinate and collaborate with one another, their customer organizations, and other stakeholders.

Conclusion:

African consumers deserve to enjoy safer technology

The proliferation of the Internet and cloud-based services within the Africa has had the effect of exponentially increasing the number of Africans online.

Kenya has an internet penetration rate of 85.3% or 37.7m of about 40m Kenyans are online! Click to Tweet

In certain nations like Kenya, the internet penetration rate is a whopping 85.3%, where about 37.7m (of about 40m) Kenyans are online and engage in digital transactions on a daily basis. The latter trend is followed similarly in Nigeria, where about 80% of the nation’s citizens have a presence online. This is similarly attributed to the growth of social media in Africa and its direct relationship with internet usage within the region.

In order for the continued use of the Internet within our Continent to remain sustainable, it is essential for governments to legislate and necessitate the adoption of essential security practices.

A prime example of this would be the adoption of secure protocols which should be used in products and services supporting Internet infrastructure.

For instance, TLS (transport layer security) is a cryptographic protocol that should be employed to protect web services. TLS encrypts data exchanged in an HTTP transaction and cryptographically identifies one or more of the parties engaged in a transaction. Privacy and identity are fundamental elements of secure Internet infrastructure.

Governments need to necessitate this as a minimum standard for the provision of digital services for their citizens, to guarantee the safety of their privacy and consumer rights.

Internet Exchange Points, a positive eventuality for African netizens.

Internet Exchange Points should also be aptly implemented to facilitate cross-border internet connectivity, as it enhances regional connectivity even further. Governments should promote the use of IXPs and increased cooperation and connectivity between different African networks.

IXPs limit the scope of cyberattacks and improve the total internet security resilience of these areas. With the growth of regionalism and the eventual growth of bodies such as COMESA and the East African Community (EAC), Internet Exchange Points could be a unifying factor which could lead to the enjoyment of cross-border internet services.

Previous ArticleNext Article

How To Easily Set Up a VPN at Home 0 224

Woman working at home

As the COVID-19 pandemic has many organizations switching employees to remote work, a virtual private network is essential for countering the increased security risks

Probably, you have been forced to work from home due to the COVID-19 outbreak (recommended to reduce the spread of the virus). However, you are wondering how you will set up your VPN to enable secure communication.

Well, don’t agonize too much; we shall first explain to you what a VPN entails. And then, provide you with a step by step procedure for setting a basic Virtual Private Network. Here we go!

First, what is a Virtual Private Network (VPN)?

Essentially, a VPN is a private channel within a wider (open) network that enables you to communicate with your peers (other nodes with similar settings) without leaking your information through the use of encryption.

Besides, you can utilize a VPN to initiate communication through any network without revealing your location. In any case, a significant number of vendors deal with clients needing such services to avoid being tracked or be able to bypass particular network filters. 

However, in our case, we shall consider a home office VPN that will create a communication tunnel for your practical and secure home office communication.

Is it necessary to set up a virtual private network?

For there to be any communication between two endpoints ─ your pc and the computer in the main office –, they must be configured.

In this case, you’ll require the services of your IT department (if you have one), who will guide you regarding the applications to install, as well as provide you with VPN credentials depending on your needs. Upon installing and configuring the said app, you can automatically establish communication through the provided link. Easy-peasy, right?

On the other hand, if you don’t have an IT department behind your back, then you may have to do it yourself. These shouldn’t; however, scare you at all; it’s not as tough as you might imagine.

But before we explore the nitty-gritty of setting up the VPN, we first need to identify the options we have. In our case, we shall examine two options:

  • Open VPN: standard in small office/home office and business-class routers
  • IP Sec: Is Built-in and commonly used by desktops, smartphones, and laptops

The Open Virtual Private Network

This type of VPN has been around for a long time and has proved itself secure and reliable. It is ideal for small office/ house offices, as well as business-class routers, thanks to its open-source nature.

Procedure for installation

  1. On a contemporary device, go to the router’s configuration screen and click the relevant buttons to access your office network
  2. Download the configuration file generated by the router
  3. Use this file to configure/setup the OpenVPN in your pc, smartphone, or desktop that you want to use to access the Network behind that particular router. In case you get stuck somewhere, you can download or follow an online tutorial for your specific router.
  4. Download the required apps that will enable you to access your new home office VPN from this website.
  5. Install the downloaded applications and then configure them using the files generated when setting up the Open VPN on your office router.

In the event you find the going tough, you can always consult with an online tutorial or IT personnel.

Internet Protocol Security

IPsec is also another technology that has been in use for an extended period to provide reasonable security. It utilizes the same working principles as the OpenVPN; however, it is mostly used on lower-cost routers. Besides, it is a built-in technology in most desktops, laptops, and smartphones; therefore, it eliminates the need for installing another application on your device.

The installation process is similar to that one of OpenVPN. However, implementing a particular router IPsec can sometimes be a little more complicated compared to installing an open VPN.

Fortunately, with the use of native tools on your remote endpoints, you can offset this by just typing in a few things, such as the required IP address and credentials.

Final thoughts

Conclusively, these are some of the simplest virtual net protection options you can install on your home system without requiring massive/no input from IT experts.

Importantly, you will need a beefier than standard broadband for quick communication over the VPN. Also, you may experience slower connections due to the much horsepower required to keep the connection encrypted and tunneled. Nevertheless, this is a small price to pay in exchange for a secure home office communication.

In case you required any advice regarding VPN options or installation services, then ESET has been here for you for over 30 years. We want to assure you that we will be here to protect your online activities during these uncertain times, too.

Protect yourself from threats to your security online with an extended trial of our award-winning software.

Try our extended 90-days trial for free.

How To Improve Communication Security with MFA 0 625

Person working on two factor authentication

Remote work can be much safer with the basic cyber-hygiene practices in place – multi-factor authentication is one of them

If you are working from home due to the coronavirus pandemic, it is essential to integrate two-factor authentication (2FA) or multi-factor authentication in your daily login routine. That way, you can beat fraudsters at their own game, since the security of your essentials isn’t wholly dependent on passwords alone.

The interesting bit with this technology is that you may have already seen it in action; for instance, when requesting access to your bank account via your smartphone. In this case, you must enter the one-time code sent to you in addition to your password to gain access.

See, enabling such double authentication processes on all your logins can make it difficult for scammers to access your accounts even if they compromise your passwords.

That said, you may now want to know which MFA option to use? Well, we take a look at some of the ways you can utilize MFA to bolster the security of your connections when working remotely.

  1. First, the use of a physical token

To implement this technique, you will require a physical device such as a security USB key, a key fob, or a similar item that will generate a secure code for verification purposes.

You’ll mostly be required to integrate this method if you need access to your cloud-based applications, online office applications, or corporate office technology. The YubiKey or Thetis is an example of such a device that you can purchase with less than US$50.

For convenience purposes, most of these devices are designed tiny; you can carry them in your pant pocket or hang them on a keychain for safety purposes. 

2. Use of a mobile phone

Most likely, you own a smartphone, right?

If yes, you can use it to boost your MFA security capabilities. For instance, you can download an authentication app such as Google Authenticator, ESET Secure Authentication, or Authy for your use.

The only caveat here is to ensure your source has a reputable security background. This is informed by the fact that the app is going to reside inside your smartphone, which is also vulnerable to security threats; therefore, robust security is required to avoid pre-emptying your security efforts.

Importantly, be on the lookout for spam messages when using your phone as they can trick you into compromising your accounts.

Fortunately, if you download applications from reputable sources, you can be offered a solution in case you have an issue with the platform itself.

3. Use of Biometrics

Factually, no single human being shares a fingerprint or retinal scan with another. This unique feature has been conveniently utilized overtime to provide robust multi-factor Authentication. 

You can also utilize the same to secure your connections.  For instance, you can take a picture of your face or scan your fingerprint using a biometric reader – currently, a common feature in smartphones or other devices ─, and then integrate it in your login procedure. These will prevent any other user from accessing your accounts or private information.

On the flip side, some folks feel that the technique is somehow creepy; therefore, give it a wide bath. Besides, it can present a challenge when you need to reset your bio features if your service provider is hacked.

Final thoughts

When scouting for a suitable MFA option for your needs, it is vital to consider one that can easily fit your routine. This stems from the fact that without proper utilization, an MFA option can’t protect you.

Similarly, an MFA technique can allow some side benefits as well. For instance, in the event of a security breach, you will be notified that your password has been interfered with; this can enable you to implement mitigation measures. Not only that, but you also get protected from the would-be attack since the fraudsters wouldn’t have access to your other factors.

In case you require a secure authentication application or consultation regarding MFA options, then ESET has been here for you for over 30 years. We want to assure you that we will be here to protect your online activities during these uncertain times, too.

Protect yourself from threats to your security online with an extended trial of our award-winning software. 

Try our extended 90-days trial for free.